07-06-2009 02:47 PM - edited 03-04-2019 05:20 AM
Hi all,
I'm trying to find out how I can do portmap-based NAT for a group of Asterisk-based VoIP servers on the inside interfaces of the router, with multiple Internet links.
I have a dual-ISP connection on a Cisco 2821 with IOS 14.4(15)T and two HWIC-4ESW. Two default routes are applied. Services (WEB, VOIP, DNS) have been isolated in different VLANs.
Each server will have two public IP addresses and one private address. So, external clients on the Internet will have two paths to each server. In the event that one fails, the other takes the entire load. In this case, how can BGP4 improve the efficiency and redundancy of the network? What attributes help?
What type of QoS can I put on the router in order to ensure SIP and RTP traffic flows?
And what routing best practices can be implemented?
If I install a DNS server with a local IP address, on the inside zone of the network, that serves queries for external clients, must the DNS response be to a global IP address or may it be to a local IP address?
Thanks for all.
07-09-2009 09:47 AM
Hello Peter,
>> Each server will have two public IP addresses and one private address
You probably need PBR (policy-based routing), which allows you to route outbound based on source address, applied inbound on the internal VLAN interfaces.
BGP by itself cannot route based on source address. BGP can be used to influence the return path, but likely you have one IP address pool from provider A and one address pool from provider B, or you have divided your own IP address blocks into two halves (in this last case BGP can be helpful).
For PBR you can have a look at:
About DNS:
The external clients should look for the IP address of your servers by contacting their DNS, which can then contact your public DNS server.
If you are going to use NAT and BGP combined, the config will be complex and the interaction with DNS has to be considered.
Hope to help
Giuseppe
07-13-2009 12:37 PM
Hi Giuseppe,
You are right on this: >>you probably need PBR policy based routing that allows you to route outbound based on source address applied inbound on internal vlan interfaces.
I am actually doing this. I created one route-map for the ISP exits that matches the servers' IP addresses and routes them through the same inbound traffic flow.
But I have a lot of questions about this particular topology design and its network configuration.
ISP_A: 200.100.50.1/28 | ISP_B: 50.100.200.1/29
R2821: G0/0 200.100.50.2/28 | G0/1 50.100.200.2
VLAN10 | VLAN20
STATIC NAT
200.100.50.3 --> 172.16.10.100 | 50.100.200.3 --> 172.16.10.101
200.100.50.4 --> 172.16.20.100 | 50.100.200.4 --> 172.16.20.101
VoIP Server (sip.dmn.com) | DNS Server (ns.dmn.com)
eth0: 172.16.10.100/24 (sip1.dmn.com) | eth0: 172.16.20.100/24 (ns1.dmn.com)
eth1: 172.16.10.101/24 (sip2.dmn.com) | eth1: 172.16.20.101/24 (ns2.dmn.com)
Note: The IP addresses and domains have been changed, but the VLANs and netmasks are still the same.
First: DNS Server Multihomed Configuration
I consulted three books about DNS and still did not find anything similar. So the multihomed DNS server configuration isn't working yet. I can reach the DNS server through both ISPs. I can actually ping from an external client:
ns.dmn.com OK
ns1.dmn.com OK
ns2.dmn.com OK
sip.dmn.com Doesn't work
sip1.dmn.com OK
sip2.dmn.com OK
Second: BGP Protocol
I know that BGP by itself cannot route based on source address, and can be used to influence the return path, but at this point, can BGP really help with the redundancy and optimization of this network? If so, what is the recommended way to implement it?
Third: NAT Multihomed
Given the limited space in each ISP pool, it would help to implement NAT port forwarding to the server farm. Again, what is the recommended way to implement it?
I read this article and I didn't understand the last topic, "Single NAT to Multiple ISPs":
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a0080091c8a.shtml
Thanks a lot.
07-13-2009 12:39 PM
Hi,
I tried to post the topology in ASCII, but it didn't work.
Sorry.
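The source-based PBR with static NAT discussed in this thread, written out as an added example (it is not configuration posted by either participant). Addresses, VLANs and interface numbers come from the topology above; the ACL numbers, the route-map name and the 172.16.0.0/16 inside range are assumptions.

```cisco
! Added example, not from the thread. ACL numbers, route-map name and the
! 172.16.0.0/16 inside range are assumptions.
!
! Traffic between inside VLANs must not be policy-routed to an ISP:
! a deny in the ACL means "no match", so it falls through to normal routing.
access-list 110 deny   ip any 172.16.0.0 0.0.255.255
access-list 110 permit ip host 172.16.10.100 any
access-list 110 permit ip host 172.16.20.100 any
access-list 120 deny   ip any 172.16.0.0 0.0.255.255
access-list 120 permit ip host 172.16.10.101 any
access-list 120 permit ip host 172.16.20.101 any
!
! PBR is evaluated before NAT on the inside-to-outside path, so the ACLs
! match the private source address, and each address leaves through the
! ISP that owns its public mapping.
route-map SRC-TO-ISP permit 10
 match ip address 110
 set ip next-hop 200.100.50.1
route-map SRC-TO-ISP permit 20
 match ip address 120
 set ip next-hop 50.100.200.1
!
interface Vlan10
 ip nat inside
 ip policy route-map SRC-TO-ISP
interface Vlan20
 ip nat inside
 ip policy route-map SRC-TO-ISP
!
interface GigabitEthernet0/0
 ip nat outside
interface GigabitEthernet0/1
 ip nat outside
!
! Static one-to-one mappings from the thread's diagram.
ip nat inside source static 172.16.10.100 200.100.50.3
ip nat inside source static 172.16.20.100 200.100.50.4
ip nat inside source static 172.16.10.101 50.100.200.3
ip nat inside source static 172.16.20.101 50.100.200.4
```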